The protection of your personal data is important to us, so we would like to provide you with information as simply and as accurately as possible about contact options and personal data.
First, you will receive information about the contact options for our data protection officer as well as options for encrypted contact. We then will introduce the legal and technical terms that will be used later. Thereafter, you will get an outline of the rights of the person concerned (data subject). In the following you will find the data controller’s details. Finally, the technologies used, services and our handling will be discussed
1 Contact to the data protection officer
If you have questions or would like further information, you can always contact our external data protection officer, the contact details are:
Oliver Offenburger, M.Sc.
Phone: +49 7721 69724 00
Fax: +49 7721 69724 01
The preferred contact option is by e-mail. You can also contact the data protection officer by mail or phone. If you want to encrypt your e-mail to our data protection officer, we recommend that you read the following section.
Notes on inquiries:
For requests by e-mail during regular business hours, we will confirm receipt of message on the same day. If you do not receive confirmation, please contact us by phone.
If you make a request or inquiry by post, we will send you confirmation of receipt on the same day of receipt, but no later than one day after receipt. If you do not receive confirmation, please contact us by phone.
For a telephone inquiry, we kindly ask you to use the telephone number of our data protection partners, eye-i4 GmbH.
1.1 Encryption of e-mails to our data protection officer
We are proponents of encrypted transmission by e-mail. To ensure confidentiality and integrity, we therefore offer you the option to encrypt your requests to the data protection officer. We use PGP to encrypt data. You can find information about free of charge usage options and the facility on the website of our privacy partner, see the following link:
You can download our PGP key by using the link below:
If you would like a fingerprint verification, please contact our privacy partner, eye-i4 GmbH.
If you have further questions about encryption, please contact our data protection officer.
2 Termin in legal context
Before dealing with legal issues, we would first like to introduce the relevant terms:
2.1 EU-DSGVO (also called DSGVO)
The term EU-DGDPR (hereinafter also “DSGVO”) refers to the General Data Protection Regulation. This is a basic regulation of the European Union, which governs how personal data must be processed. For information, the text of the DSGVO can be found on the following link:
2.2 Data Controller
The "data controller" is a natural or legal person, public authority, agency or other body, which either alone or with others, determines the purposes and means of processing and handling personal data. Where the purposes and means of such processing are set down by Union law or by the law of the Member States, the data controller or the specific criteria for their designation will be laid down by Union law or by the law of the Member States.
2.3 Personal Data and Data Subject
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by a reference to an identifier such as a name, an identification number, with location data, an online ID or with one or several special characteristics reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.
"Processing” means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, recording, organisation, allocation, storage, adaption or amendment, selection, retrieval, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
2.5 Restriction of Processing
“Restriction of processing” is the marking of personal data stored in order to limit its future processing.
A “processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
“Recipient” is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by these said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing data.
2.8 Third party
“Third party “refers to a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons who, under the direct authority of the data controller or processor, are authorised to process personal data.
“Consent' means any voluntary, informed and unambiguous expression of the data subject’s intent - regarding a particular case - in statement form or any other unambiguous affirmative act by which the data subject indicates his or her consent to the processing of his or her personal data.
2.10 Personal Data Breach
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.11 Data concerning Health
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provided health care services, which reveal information about his or her (subject data's) health status.
“Company” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly pursuing an economic activity.
2.13 Supervisory Authority
The “supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51.
2.14 Relevant and substantiated objection
A “relevant and substantiated objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether a proposed action in relation to the data controller or contract processor is in accordance with this Regulation, which clearly demonstrates the scope of risks posed by the draft decision with regards to the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
3 Terms in the Technical Context
Before we move on to discuss technical issues, we would first like to introduce you to the following related terms:
3.1 Filing system
The “Filing system” means any structured collection of personal data which are accessible according to specific criteria, whether centralised, decentralised or organised according to functional or geographical basis.
Cookies are text files stored on your device by a website using your browser. These text files can be designed to carry out technical matters such as a shopping cart mechanism or to identify your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information.
In the browser of your terminal, you have the option to prevent cookies being stored. However, disabling cookies may result in technical restrictions when using the website.
3.3 Server logs
Server logs are log files that are created by the web server and document access to a website. In a log entry, a variety of information can be collected, such as access time, browser type, and the visitor’s IP address, and so on.
The referrer is a term used to denote the link back to the data controller’s site. For example, the referrer can read from server logs.
4 Rights of Data Subject
The rights of the data subjects arise from the DSGVO as well as from the respective national legal provisions on data protection. If you would like to assert your rights, we kindly ask you to contact the data protection officer by using the option described in the beginning. In the following, we would like to draw your attention to your rights, which come from the DSGVO, in particular Chapter 3:
4.1 Information obligation
The data subject has the right to obtain information about the data subject’s personal data held if data has been collected from the data subject or even if data has not been collected from the data subject. The relevant provisions are stipulated in Chapters Articles. 13 and 14 DSGVO.
4.2 Right to Information
The data subject has the right to obtain from the controller confirmation as to whether personal data related to the data subject has been or will be processed; if this is the case, he or she (the data subject) has the right to access such personal data and to further information in accordance with Art. 15 DSGVO.
4.3 Right of Rectification
The data subject has the right to request that the data controller rectify and or amend any incorrect personal data.
Taking into account the purposes of the processing, the data subject has the right to demand that incomplete personal data be completed, also by means of including a supplementary statement.
4.4 The Right to Deletion (right to be forgotten)
The data subject has the right to demand that the data controller delete personal data relating to him or her (the data subject) without delay and the data controller shall be obliged to delete personal data without delay if one of the reasons set out in Art. 17 DSGVO applies.
4.5 The Right of Restriction of Processing
The data subject has the right to demand from the data controller the restriction of processing if one of the provisions set out in Art. 18 DSGVO is met.
4.6 Notification Obligation
The data controller is to notify all recipients to whom personal data have been disclosed regarding any correction or deletion of personal data or any restriction on processing pursuant to Article. 16, Article. 17 (1) and Article. 18 DSGVO, unless this proves impossible or involves disproportionate effort.
The data controller shall inform the data subject of said recipients when requested to do so by the data subject.
4.7 Right to Data Portability
The data subject has the right to obtain personal data concerning him or her (the data subject) which was provided to a data controller in a structured, standardised and machine-readable format and has the right to transfer this data to another data controller without any obstruction from the data controller to whom the personal data have been provided.
4.8 Right of Objection
The data subject has the right to object at any time to the processing of personal data relating to him/her (the data subject) pursuant to Article 6 Section1 Letter e or f or for reasons arising from his/her particular situation, including profiling based on those provisions. The data controller shall no longer process personal data unless he/she can demonstrate compelling legitimate grounds for processing that outweighs the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
4.9 Complaint to the Regulatory Authority
Pursuant to Art. 77 DSGVO, you have the right to complain to a regulatory authority. As a rule, you can contact the regulatory authority of your usual place of residence or work or the head office of the data controller.
Our responsible regulatory authority is:
State Commissioner for Data Protection and Freedom of Information, Stuttgart
5 Data Controller Details
The Controller according to Art. 24 DSGVO is listed below:
Wagon Automotive Nagold GmbH
Further information about the Data Controller can be found in Company Details.
6 Web Technologies used
6.1 Server logs
If using the website for information only, i.e. you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server: If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (Pursuant to Article 6(1) Section 1 a-f DSGVO):
- Anonymized IP address,
- Date and time of request,
- Time zone difference from Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Request status/HTTP status code,
- Each transmitted amount of data,
- Website from which the request comes (so-called referrer),
- Web browser,
- Operating system and device,
- Language and version of the browser Software
When using our website, cookies are stored on your computer. You can configure your browser settings as desired and refuse to accept third-party or any cookies. Please note that you may not be able to use all the functions of this website.
This website and our services use the following types of cookies, the scope and functionality of which are explained belown:
- Transient Cookies,
- Persistent Cookies.
6.2.1 Transient Cookies
Transient cookies are automatically deleted when you close the browser. This especially includes session cookies. They store a session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
6.2.2 Persistent Cookies
Persistent cookies are automatically deleted after a specified period which may differ depending on the cookie in question. You can delete the cookies at any time in the security settings of your browser.
6.3 Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses "cookies", which are text files stored in your computer which enable the way in which users use the website to be analysed. As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within member states of the European Union or in other signatory States that are party to the Agreement in the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
This website uses Google Analytics with the extension “anonymizeIp() “. As a result, IP addresses are only processed in truncated form in order to prevent Google from identifying specific individuals' use of the site. If the data collected about you are personally identifiable, they will be immediately blocked and the personal data deleted as soon as possible.
We use Google Analytics to analyse and regularly improve the function of our website. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework with regard to any personal data which are transferred to the USA. The legal basis for the use of Google Analytics is Art. 6(1) clause a-f DSGVO.
Third party provider information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions:
Preventing the use of Google Analytics is possible by activating Opt-Out .
6.4 Google Maps
We use Google Maps functions on this website. This allows us to display interactive maps directly on the website and allows you to conveniently use the map function.
When you visit this website, Google is notified that you have accessed the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account that you are logged in to, or if there is no user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your Google profile, you must first log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website, if needed. Such analysis is also carried out (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, however you need to contact Google in order to exercise this right.
7 Additional Online Platforms
In Addition to our website, we use other online platforms and digital channels such as social media to get in touch with interested parties and customers. These are listed below.
We have included YouTube videos in our on-line service, which are stored on https://www.youtube.com and are playable directly from our website.
When you visit this website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under Section 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. You Tube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website when needed. Such analysis is also carried out (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, however you need to contact YouTube to exercise this right.
8 Storage Duration
If not specified otherwise, personal data are always deleted once the purpose of their collection has been fulfilled.
In some cases, the legislator provides for the Retention of personal data, i.e. in tax or Commercial law. In These cases, data will only stored by us for the legal purposes, but will not otherwise be processed and will be deleted after expiration of the statutory Retention period.
9 Disclosure to third Parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
- You have expressly consented to this under Art. 6 Paragraph (1) Section 1. lit a. DSGVO,
- The disclosure in accordance with Article 6 Paragraph 1 Sec.tion1 lit. f DSGVO is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data,
- In the event that disclosure pursuant to Art. 6 Paragraph 1 Section 1 lit. c DSGVO, a statutory obligation is provided and
- this is legally permissible and necessary for the execution of contractual relationships with you pursuant to Art. 6 Paragraph 1 Section 1 lit. b DSGVO.